S. Rod Simpson is an experienced IT security professional with over 25 years of experience managing information security risk, IT general controls, IT audit, and compliance at Caterpillar, Inc. He has held roles such as Enterprise Risk Acceptance Manager, IT General Controls Manager, Manager of Key Process Indicators, and Six Sigma Blackbelt. Simpson is skilled in all aspects of information security from policy to protection to audit. He is certified in CRISC, CISA, CISM, ITIL, and Six Sigma methodology.
S Rod Simpson Resume
S. ROD SIMPSON
CRISC, CISA, CISM, 6 Sigma Black Belt
East Peoria, Illinois, Mobile: 309-369-3646 srodsimpson@gmail.com
INFORMATION SECURITY RISK MANAGEMENT
Highly qualified IT Security professional with 25+ years of senior level domestic and international experience
(recently retired on an enhanced retirement package from a Fortune 100 company). Enterprise level experience in
applying superb management, communication and technical talents to implement corporate strategies that exceed
expectations. Skilled in maximizing resources, value, and efficiency with extensive background in all stages of
information security policy, IT risk management and response, IT General Controls (SoX), information
classification, protection, and IT audit. Exemplary leadership experience with unique talent to enlist cooperation
among partners. Excellent communication and presentation skills with the ability to effectively address multiple
target audiences at all levels of management including CIO, and Executive office. Innovative thinker with a keen
ability to build profitable relationships in a global business environment. Familiar with COSO/COBIT/ISO
27000/SoX/ITIL/6 Sigma DMAIC/NIST/Archer.
Information Security | IT Governance, Risk and Compliance | IT Audit & Controls | IT Risk Assessment |
Systems Assurance | Regulatory Compliance | Process Optimization | Six Sigma Blackbelt
Leadership Development | Coaching | Problem Solving | Quality Improvement
PROFESSIONAL EXPERIENCE
Caterpillar, Inc., Enterprise Information Security Risk Management, Peoria, IL
Enterprise Risk Acceptance Manager 2012-2015
Created and managed enterprise information security risk management and response process.
Assessed changes in business and IT risks, organizational risk culture, risk tolerance and relevant IT
related business initiatives to establish acceptable risk levels.
Created risk level assessment processes and ensured appropriate levels of IT and business management
were involved in reviewing and accepting risks; managed remediation and mitigation requirements.
Enterprise IT General Controls Manager 2010-2012
Managed the Information Technology General Controls (ITGC’s) for the global enterprise in coordination
with Information Services, Financial Services Risk and Controls division, Corporate Auditing and external
auditors.
Served as the enterprise primary technical expert on the ITGC's responsible for the definition, application,
implementation and continual improvement of the ITGC's, including IT SoX controls.
Managed reporting, testing, issue management, remediation and re-testing of SOX IT Controls.
IT Service Management – Manager of Key Process Indicators (KPI's) & Metrics 2007-2010
Developed and managed top tier metrics and key process/performance indicators for IT Service
Management processes (incident, change, problem and service level management).
Developed and implemented key ITSM metrics for Priority 1 Incidents and Mean Time to Repair (MTTR);
established regular usage as measures that were used globally to determine annual IT bonuses.
Sponsored 6 Sigma projects establishing enterprise metrics, operational reports; improved the Service
Level (SLA)/Operation Level Agreement (OLA) metrics reporting process ($40,000 annual savings).
Created and maintained controls for ITSM Assessments to ensure consistent execution of common ITSM
processes world-wide; established and implemented IT Service Management metrics.
6 Sigma Blackbelt - IT Service Management 2004-2007
Certified in DMAIC 6 Sigma methodology with value proposition of over $1M.
Six Sigma Black Belt for implementation of ITSM activities including implementation of change
management processes to satisfy Sarbanes Oxley requirements.
Six Sigma Black Belt for mainframe capacity management project; provided controls for alleviating CPU
overloading/peak demand periods with a savings of $430,000/year.
Six Sigma Black Belt for implementing IT Service Level Management for the Caterpillar Enterprise
Machine Ordering System (CMOPS).
Implemented an IT Service management process that resulted in a $1.5M reduction in support costs.
Sr. IT Auditor - Internal Audit and Compliance 2000-2004
Performed facility and systems audits, security reviews, and IT assessments for both domestic and
international Caterpillar facilities.
Featured speaker on information protection at the National MIS Infosecworld Conference in 2001.
Achieved industry certification Information Systems Auditor and Information Security Manager from
Information Systems and Control Association (ISACA).
Participated in a 6 Sigma project for improving Caterpillar’s assurance process and implementing
processes to support the Sarbanes-Oxley Act.
Introduced new web links in audit reports to provide guidance to auditees to resolve audit observations;
served as an expert for aligning Corporate Information Security Procedures to the IT facility audit.
Information Security Program Manager – Information Security Services 1997-2000
Managed Information Security Program of six major initiatives and fourteen security related projects.
Created instrumental business case to obtain funding for the entire Information Security Program.
Successfully utilized web technologies, facility visits, and communications; contributed to 44% increase
in awareness and knowledge of information protection; guidelines implemented as enterprise policy.
Managed multiple enterprise information security initiatives to protect business assets such as
Intellectual Properties, Document Management, Records Management and Corporate Human Resources.
Provided data access guidelines and authentication methods; the project was nominated for the
Corporate Award of Excellence.
Introduced Security icon and published security articles in Worldwide Caterpillar media; awareness
efforts resulted in a 15% improvement in overall awareness.
Secured access to critical intranet based information previously unavailable; resulted in a process
allowing employees at Joint Venture sites to have secure direct high speed connectivity to Intranet
assets.
Represented Caterpillar in security program benchmarking efforts with eight US based companies;
conducted additional benchmarking with the Concours Group for Information Security/Data Privacy.
Corporate Information Security Awareness Coordinator
Managed staff and projects to ensure protection of Caterpillar's information assets; created,
implemented and maintained a new corporate security awareness program.
Directed the rollout of a new Security Awareness Video for multiple corporate groups and business
units, including senior executive management.
Co-authored, coordinated and executed information security updates at 14 major Caterpillar facilities
in the United States and Europe.
Created a security awareness program and performed a global implementation at 14 major facilities in
Europe and the Americas.
Planned and executed an Enterprise Global Information Security Summit; served as a presenter/host for
IT Security professionals from Europe, the Americas and Asia Pacific.
Supervisor - Network & Information Security Services Team
Supervised staff of 10 individuals responsible for supporting the overall plant computing networks for
two business units; provided direction and control of information security.
Implemented and managed division processes for career planning/objectives planning; managed
employee moves for over 40% of Information Technology staff in 1996.
Managed budget and charge-back processes for network and security related initiatives; conducted
outsourcing studies for network support, help desk, and asset management.
Improved network availability from a baseline of 8-10 hour major plant-wide outages occurring weekly
by upgrading network bandwidth and implementing response processes.
Implemented an ongoing security awareness program in partnership with Corporate Information
Security Services; assisted in the creation of a security awareness video.
PROFESSIONAL DEVELOPMENT AND CERTIFICATION
Certified in Risk and Information Systems Control: CRISC (2016)
Certified 6 Sigma Black Belt: Caterpillar Inc. (2005)
Certified Information Security Manager: ISACA (2003)
Certified Information Systems Auditor: ISACA (2001)
President: ISACA Illini Chapter
ITIL KPI/Metrics Certified
ITIL Foundations Certified
Trained in Situational Leadership and Participative Management
Trained in Organizational Change Management